comscore MediaTek audio chip flaw that could led to eavesdropping Android users fixed

MediaTek chip flaw that could led to eavesdropping Android users fixed

The MediaTek audio chips flaw could have potentially exposed Android users' conversations, it could have even led hackers to hide malicious code.


Chip storage has already plagued the tech hub and a new chip security flaw has now become a growing concern among smartphone users. Zero-day vulnerabilities have given the hackers leeway to exploit systems, gain ‘administrator privileges.’ Security researchers have unearthed a flaw in the MediaTek chip that power over a third of the world’s smartphones. Also Read - Flipkart Big Bachat Dhamaal sale: Best smartphone deals on iPhone 12 Mini, ROG Phone 3 and more

As per Check Point Research, the flaw was found in a MediaTek audio processing chip that is implemented in many Android phones from major vendors including Xiaomi, Oppo, Realme, and Vivo. CPR in a blog post explained how the hack could be executed via three separate vulnerabilities- CVE-2021-0661, CVE-2021-0662, and CVE-2021-0663. Also Read - Google Android 12 for TV rolling out with some much-needed features: Check details

How a flaw in the MediaTek chip could have helped hackers run ‘eavesdrop campaign’

CPR reverse-engineered MediaTek’s audio chip and discovered an opening that could allow a malicious app to install code. The report detailing the process cited what hackers would have been required to go through to exploit this vulnerability. On installing and launching a malicious app from the Google Play Store, it would have given hackers the opportunity to misuse the vulnerability in MediaTek SoC-powered smartphones. Upon installation, the app would have used the MediaTek API to ‘intercept audio passing through the chip and either record it locally or upload it to an attacker’s server.’ Also Read - Netflix launches 3 new Android games on Play Store: Wonderputt Forever, Knittens, Dominoes Cafe

CPR already disclosed its findings to MediaTek and Xiaomi in October and the identified vulnerabilities have already been patched by the Taiwanese chip manufacturer. Had the flaw been left unpatched, a hacker could have exploited it in the chip to eavesdrop on users and hide malicious code.

“Device security is a critical component and priority of all MediaTek platforms. Regarding the Audio DSP vulnerability disclosed by Check Point, we worked diligently to validate the issue and make appropriate mitigations available to all OEMs. We have no evidence it is currently being exploited. We encourage end-users to update their devices as patches become available and to only install applications from trusted locations such as the Google Play Store,” Tiger Hsu, Product Security Officer at MediaTek stated.

Slava Makkaveev, Security Researcher at Check Point Software in a press release cited Digital Trends that with MediaTek’s ubiquity in the world, they suspected potential threat and ’embarked research into the technology,’ that opened a chain of vulnerabilities that could be used as an attack vector to create an ‘eavesdrop campaign.’ But thankfully, the flaws were caught before they would have reached hackers to further exploit it.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel. Also follow us on  Facebook Messenger for latest updates.
  • Published Date: November 25, 2021 4:16 PM IST

new arrivals in india

Best Sellers